OpenSea, the biggest non-fungible token (NFT) marketplace, has warned of a data breach at its email delivery service provider, Customer.io, that could affect all of its users.
According to OpenSea’s notice, an employee of Customer.io misused their employee access to download and share the email addresses of OpenSea users with an unauthorized external party. This includes email addresses used for signing up and for subscribing to OpenSea’s newsletter.
“Please stay vigilant about your email practices, and be alert for any attempt to impersonate OpenSea via email… Because the data compromise included email addresses, there may be a heightened likelihood for email phishing attempts,” OpenSea advised users.
The notice was written by Cory Hardman, the head of security at OpenSea. Hardman also outlined guidelines for users to follow to protect themselves from email phishing attempts. Users should always confirm that the email domain name is correct and does not contain shuffled letters, and should not download any attachments in emails.
Users should also never share passwords or wallet phrases, or sign transactions, if prompted to do so by suspicious emails. OpenSea says it is still investigating the breach together with Customer.io and has reported the incident to law enforcement.
Community members want OpenSea to boost its security
There has been no report of users falling victim to phishing attacks due to the breach. However, users of the NFT marketplace have suffered other losses from vulnerabilities on other platforms OpenSea uses.
Back in May, hackers compromised the Discord server of OpenSea and were able to steal NFTs worth around $26,903 at the time from ten wallets, as reported by Fortune.
In February, a vulnerability on the platform itself allowed hackers to list and sell NFTs of users without their consent. Another controversial issue the marketplace has recently faced is the arrest of a former employee due to insider trading.
The multiple incidents have led to an outcry from users for the platform to improve security. Users have also pointed out that OpenSea’s customer service experience needs improvement, as it is slow to respond to consumer complaints.
One expert speaking to the New York Times attributed the platform’s continued neglect of these complaints to a lack of accountability and regulation.